RMX Security CERT Global

    • CVE-2022-40494
      NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via constantly generating and sending the Auth key and Timestamp parameters. ... read more
    • CVE-2022-26236
      The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This ... read more
    • CVE-2022-26238
      The default privileges for the running service Normand Service Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows ... read more
    • CVE-2022-3002 (yetiforce_customer_relationship_management)
      Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. ... read more
    • CVE-2022-27810
      It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when ... read more
    • CVE-2022-39284
      CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `ConfigCookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a ... read more
    • CVE-2022-41355
      Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department. ... read more
    • CVE-2022-39279
      discourse-chat is a plugin for the Discourse message board which adds chat functionality. In versions prior to 0.9 some places render a chat channel's name and description in an unsafe ... read more
    • CVE-2022-41556
      A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It ... read more
    • CVE-2022-41522
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. ... read more
    • CVE-2022-41517
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function ... read more
    • CVE-2022-41520
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. ... read more
    • CVE-2022-41521
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. ... read more
    • CVE-2022-41528
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. ... read more
    • CVE-2022-41527
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. ... read more
    • CVE-2022-41523
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. ... read more
    • CVE-2022-41853
      Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any ... read more
    • CVE-2022-41524
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. ... read more
    • CVE-2022-42457
      Generex CS141 before 2.08 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by ... read more
    • CVE-2022-41525
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. ... read more
    • CVE-2022-41518
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. ... read more
    • CVE-2022-41852
      Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and ... read more
    • CVE-2022-41526
      TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. ... read more
    • CVE-2022-42241 (simple_cold_storage_management_system)
      Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_message. ... read more
    • CVE-2022-42242 (simple_cold_storage_management_system)
      Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/classes/Master.php?f=delete_booking. ... read more
    • CVE-2022-42250 (simple_cold_storage_management_system)
      Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=. ... read more
    • CVE-2022-42249 (simple_cold_storage_management_system)
      Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=. ... read more
    • CVE-2022-42243 (simple_cold_storage_management_system)
      Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=. ... read more
    • Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
    • Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors   
      Original release date: October 6, 2022CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) providing the top Common Vulnerabilities ... read more
    • IBM Security Update
      IBM has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are ... read more
    • Ubuntu Security Update
      Ubuntu has released security updates to address vulnerabilities in Linux kernel, kitty and DHCP. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and ... read more
    • Trend Micro Security Update
      Trend Micro has released security updates to address vulnerabilities in Apex One (on-prem) and Apex One (SaaS). Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege. Users ... read more
    • Cisco Security Update
      Cisco has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are ... read more
    • Dell Security Update
      Dell has released security updates to address vulnerabilities in Dell EMC SRM and Dell EMC Storage. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. ... read more
    • Android Security Update
      Google has released security update to address vulnerabilities in Android OS. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege. Users and administrators are encouraged to review ... read more
    • Chrome Security Update
      Google has released security updates to address vulnerabilities in Chrome for Desktop and ChromeOS. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and ... read more
    • Oracle Linux Security Update
      Oracle has released security updates to address vulnerabilities in kurbenetes, squid and bind. Exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information. Users and administrators ... read more
    • Red Hat Security Update
      Red Hat has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are ... read more
    • Mageia Security Update
      Mageia has released security updates to address vulnerabilities in bash, chromium-broswer and golang. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators ... read more
    • CISA Releases Two Industrial Control Systems Advisories
      Original release date: October 6, 2022CISA released two (2) Industrial Control Systems (ICS) advisories on October 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits ... read more
    • Cisco Releases Security Updates for Multiple Products
      Original release date: October 6, 2022Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected ... read more
    • HIWIN Robot System Software (HRSS)
      ICS Advisory ... read more
    • Rockwell Automation FactoryTalk VantagePoint
      ICS Advisory ... read more
    • CERTFR-2022-AVI-884 : Multiples vulnérabilités dans Trend Micro Apex One (06 octobre 2022)
      De multiples vulnérabilités ont été découvertes dans Trend Micro Apex One. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des ... read more
    • CERTFR-2022-AVI-885 : Multiples vulnérabilités dans les produits Cisco (06 octobre 2022)
      De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges, un déni ... read more
    • CERTFR-2022-AVI-886 : Multiples vulnérabilités dans les produits IBM (06 octobre 2022)
      De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance ... read more
    • Cyberattack on Menéame with data leaks
      Publication date: 10/03/2022 Menéame has been the target of an attack in which some users' data was leaked. The company details, in its official statement, that on 14 September ... read more
    • Ciberataque a Menéame con filtración de datos
      Fecha de publicación: 03/10/2022 Menéame ha sido objetivo de un ataque en el que se filtraron datos de algunos usuarios. La compañía detalla, en su comunicado oficial, que el ... read more
    • Vulnerabilidad de credenciales sin cifrar en BD Totalys MultiProcessor
      Fecha de publicación: 06/10/2022 Importancia: Media Recursos afectados: BD Totalys MultiProcessor, versión 1.70 y anteriores. Descripción: BD ha informado a CISA de una vulnerabilidad de uso de ... read more
Title Category Tag

Chemical Industry – Parsons Report – Cybersecurity

CybersecurityICSIIOT cybersecurity epcm ICS

US DOE CIB – 21 Steps to Improve Cyber Security of SCADA Networks – Cybersecurity

CybersecurityIIOTInfrastructure cybersecurity ICS SCADA